How to use Cors anywhere to reverse proxy and add CORS headers

javascript cors cors-anywhere
Stranger B. picture Stranger B. · Apr 16, 2015 · Viewed 122.1k times · Source

I've been reading for two hours the documentation of this Reverse proxy to add CORS headers, and I'm not able to use. Can you please help with a simple example how to use that.

CORS-ANYWHERE

I've tried that example in a javascript 

(function() {
var cors_api_host = 'cors-anywhere.herokuapp.com';
var cors_api_url = 'https://' + cors_api_host + '/';
var slice = [].slice;
var origin = window.location.protocol + '//' + window.location.host;
var open = XMLHttpRequest.prototype.open;
XMLHttpRequest.prototype.open = function() {
    var args = slice.call(arguments);
    var targetOrigin = /^https?:\/\/([^\/]+)/i.exec(args[1]);
    if (targetOrigin && targetOrigin[0].toLowerCase() !== origin &&
        targetOrigin[1] !== cors_api_host) {
        args[1] = cors_api_url + args[1];
    }
    return open.apply(this, args);
};
})();

I don't understand really if I need node.js or what exactly

Answer

Rob W picture Rob W · Aug 23, 2015

CORS Anywhere helps with accessing data from other websites that is normally forbidden by the same origin policy of web browsers. This is done by proxying requests to these sites via a server (written in Node.js, in this case).

"To use the API, just prefix the URL with the API URL.". That's really all of it. So, instead of requesting http://example.com, you will request https://cors-anywhere.herokuapp.com/http://example.com. CORS Anywhere will then make the request on behalf of your application, and add CORS headers to the response so that your web application can process the response.

The snippet from your question automatically modifies the URL for requests generated by XMLHttpRequest if needed. This snippet is not required, you can just prepend the CORS Anywhere API URL yourself, as done in the demo page.

The repository on Github (https://github.com/Rob--W/cors-anywhere) contains the source code of the server that powers CORS Anywhere. If you are a front-end dev, then that's all you need to know. If your application has many users, then you should host CORS Anywhere yourself, to avoid eating up all resources on the public CORS Anywhere server.

Related questions

cors-anywhere.herokuapp.com not working (503). What else can I try?

I am trying to send a get request to the Wikipedia API. I am sending the request form a angular frontend so i'm trying to use the Heroku CORS Anywhere endpoint to avoid CORS issues. For some reason, I'm still …

Read More
Why does my JavaScript code receive a "No 'Access-Control-Allow-Origin' header is present on the requested resource" error, while Postman does not?

Mod note: This question is about why Postman is not subject to CORS restrictions in the same way an XMLHttpRequest is. This question is not about how to fix a "No 'Access-Control-Allow-Origin'..." error. Please stop posting: CORS configurations for every …

Read More
How does Access-Control-Allow-Origin header work?

Apparently, I have completely misunderstood its semantics. I thought of something like this: A client downloads javascript code MyCode.js from http://siteA - the origin. The response header of MyCode.js contains Access-Control-Allow-Origin: http://siteB, which I thought meant …

Read More